[GH-ISSUE #4437] DNS Challenge Fail #2840

Open
opened 2026-02-26 07:36:57 +03:00 by kerem · 9 comments

Originally created by @martone65 on GitHub (Mar 14, 2025).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/4437

Checklist

  • Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
    • **Yes** / No
  • Are you sure you're not using someone else's docker image?
    • **Yes** / No
  • Have you searched for similar issues (both open and closed)?
    • **Yes** / No

Describe the bug

When I go to pull a new SSL certificate from Cloudflare via DNS Challenge I get the following error:

```
CommandError: Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
Error determining zone_id: 6003 Invalid request headers. Please confirm that you have supplied valid Cloudflare API credentials. (Did you copy your entire API token/key? To use Cloudflare tokens, you'll need the python package cloudflare>=2.3.1. This certbot is running cloudflare 2.19.4)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.

    at /app/lib/utils.js:16:13
    at ChildProcess.exithandler (node:child_process:430:5)
    at ChildProcess.emit (node:events:518:28)
    at maybeClose (node:internal/child_process:1104:16)
    at ChildProcess._handle.onexit (node:internal/child_process:304:5)
```

I know my token is correct. I tested via curl.

Nginx Proxy Manager Version

v2.12.3

To Reproduce
Steps to reproduce the behavior:

  1. Go to '...'
  2. Click on '....'
  3. Scroll down to '....'
  4. See error

Expected behavior

A certificate from LetsEncrypt

I am using Ubuntu 22 server.


@danielraffel commented on GitHub (Mar 14, 2025):

I’m experiencing the same issue.


@MIAOBUSI commented on GitHub (Mar 17, 2025):

I’m experiencing the same issue.


@conotoium commented on GitHub (Mar 21, 2025):

Not sure if I can help, but I did a wildcard for my domain via Let's Encrypt with the Cloudflare DNS challenge and it worked perfectly?

This is how I inserted mine?

```
# Cloudflare API token
dns_cloudflare_api_token=**********************************************
```

And are you certain you set up the zone rules correctly?


@avilesj commented on GitHub (Mar 26, 2025):

Same issue here. I even tried the global token.


@zefuros1991 commented on GitHub (Apr 3, 2025):

I am facing the same issue using NPM as LXC on my Proxmox server. I ensured the token is valid and active with curl. I also put AdGuard as the DNS server for NPM and I see the DNS queries reach Cloudflare. I changed back to my gateway as DNS after that; same issue. Has anyone found anything yet?


@Speedyhome72 commented on GitHub (Apr 29, 2025):

```
# Cloudflare API token
dns_cloudflare_email = <email>
dns_cloudflare_api_key = <token>
```


@dotku commented on GitHub (May 3, 2025):

> # Cloudflare API token
> dns_cloudflare_email = dns_cloudflare_api_key =

Using api_key instead of token would successfully gen the cert!
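
The comments above use two different layouts for the Cloudflare credentials block: `dns_cloudflare_api_token` alone, or `dns_cloudflare_email` together with `dns_cloudflare_api_key`. The following is an added example, not part of any comment and not NPM or certbot code: a small check that a credentials snippet follows exactly one of those layouts and carries no stray quoting, placeholder or whitespace, without ever echoing the secret values. The function names, finding texts and sample values are assumptions made for the illustration.

```python
import re

TOKEN = "dns_cloudflare_api_token"
EMAIL = "dns_cloudflare_email"
KEY = "dns_cloudflare_api_key"

def parse_credentials(text):
    """Parse 'name = value' lines; lines starting with '#' are comments."""
    creds = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition("=")
        if sep:
            creds[name.strip()] = value.strip()
    return creds

def lint_credentials(text):
    """Return findings; an empty list means one layout is used consistently.
    Findings name the setting only and never include its value."""
    creds = parse_credentials(text)
    findings = []
    has_token = bool(creds.get(TOKEN))
    has_email, has_key = bool(creds.get(EMAIL)), bool(creds.get(KEY))
    if has_token and (has_email or has_key):
        findings.append("mixed: token set together with email/api_key")
    elif not has_token and has_email != has_key:
        findings.append("incomplete: email and api_key must be set together")
    elif not (has_token or has_key):
        findings.append("missing: no token and no email/api_key pair")
    for name in (TOKEN, EMAIL, KEY):
        value = creds.get(name, "")
        if not value:
            continue
        if value[0] in "\"'<" or value[-1] in "\"'>":
            findings.append(f"{name}: quoted or placeholder value")
        if re.search(r"[^\x21-\x7e]", value):
            findings.append(f"{name}: whitespace or non-ASCII character in value")
    return findings

# Constructed samples (placeholder values, not real credentials).
SAMPLE_TOKEN_ONLY = "# Cloudflare API token\ndns_cloudflare_api_token = EXAMPLEtokenVALUE0000\n"
SAMPLE_MIXED = SAMPLE_TOKEN_ONLY + "dns_cloudflare_api_key = EXAMPLEkeyVALUE0000\n"

if __name__ == "__main__":
    for label, text in [("token only", SAMPLE_TOKEN_ONLY), ("mixed", SAMPLE_MIXED)]:
        print(label, "->", lint_credentials(text) or "ok")
```
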


@NehCoy commented on GitHub (May 26, 2025):

Hello!

Same problem here!

Checklist

  • Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
    • Yes
  • Are you sure you're not using someone else's docker image?
    • Yes
  • Have you searched for similar issues (both open and closed)?
    • Yes

Nginx Proxy Manager Version
v2.12.3 © 2024

I have tried to perform the DNS Challenge with my domain provider Strato.

Error in WebUI:

```
CommandError: Saving debug log to /tmp/letsencrypt-log/letsencrypt.log

    at /app/lib/utils.js:16:13
    at ChildProcess.exithandler (node:child_process:430:5)
    at ChildProcess.emit (node:events:518:28)
    at maybeClose (node:internal/child_process:1104:16)
    at Socket. (node:internal/child_process:456:11)
    at Socket.emit (node:events:518:28)
    at Pipe. (node:net:343:12)
```

The content of the log file /tmp/letsencrypt-log/letsencrypt.log looks good to me: no warnings or errors inside.

Best regards,
NehCoy


@github-actions[bot] commented on GitHub (Dec 13, 2025):

Issue is now considered stale. If you want to keep it open, please comment 👍
